Yum Repository

Russia blocked access (indirectly), now fixed

Late last month, Russia started blocking Webtatic.com indirectly because of a unaffiliated online currency website serving from the same IP address.

This affected the webtatic.com and mirror.webtatic.com websites.

This was due to Cloudflare (a CDN service), which both this and that online currency website were using, sharing IP addresses across it’s Free and Professional subscriptions between clients. A blanket ban was applied to the IP address to block the offending website.

Sadly Cloudflare were unable to solve the issue, and Webtatic was unable to get new unblocked IP addresses from them.

Due to this, Webtatic is no longer using the Cloudflare CDN, and will instead transition to hosting the website in multiple data centres (as the yum repositories also currently do).

New Package Nginx 1.10 (nginx1w)

Webtatic has now released Nginx 1.10.3 for RHEL/CentOS 7.3 as a new set of packages and dynamic modules, including pagespeed and headers_more. Significantly it also will support both SPDY 3.1 and HTTP2 (although the latter browsers wont use until a future release of RHEL 7.4).

This release will, unlike Webtatic's previous Nginx releases, follow all Nginx 1 stable minor releases, rather than just bugfix releases. (So for example if Nginx 1.12 is released, these packages will upgrade to that).

Continuing Nginx with the release of 1.10 with SPDY removed and HTTP2 added in gave a complex non-backwards compatible change:
* SPDY removed, so for example older Android devices could no longer benefit from the performance improvements.
* HTTP2 added, however RHEL/CentOS 6 and 7's openssl doesn't yet support the TLS ALPN extension to negotiate http protocol version. This means newer and newest browsers can't yet benefit from HTTP2 on this OS distribution.

For the former, Webtatic has reintroduced SPDY using patches Cloudflare created to add it to their own Nginx servers. Cloudflare provides the patch open source. It may be removed from Webtatic's releases later (e.g. if it becomes unmaintained).

For the latter, Webtatic aims to resolve as soon as an official RHEL/CentOS openssl upgrade becomes available and supported by them. Redhat are planning to do this as part of their RHEL 7.4 release, but this may be released. between half a year to a year from now.

Given Redhat has no plans to provide an openssl upgrade for RHEL/CentOS 6, Webtatic will no longer provide Nginx releases for that distro version.

Reminder: EL5 repository will become end-of-life 31st March

As mentioned in a previous post a year ago, due to Redhat ending support for RHEL 5 and CentOS 5 on 31st March 2017, Webtatic will be also doing the same for the EL5 repository.

After this date, there will be no more updates to packages on that repository, and all EL5 rpm's will be moved to the Webtatic EL5 archive repository.

It is recommended that if you use RHEL or CentOS 5, that you look at migrating to a newer version that is supported.